package com.nailabs.abac.trust; import com.nailabs.abac.process.*; import edu.stanford.peer.rbtm.credential.*; import java.util.*; /** * This is a specialized standard trust target which knows how to process * linked trust targets. */ public class LinkTTNode extends StandardTTNode { private LinkingGoal monitorId = null; /** default constructor for standard trust target node */ public LinkTTNode(TrustTarget target) { super(target); processor = new ProcessingState(false, false); subName = "LinkedTarget"; } public Role getFirstRole() { LinkedRole role = (LinkedRole)getTargetExpression(); return role.getFirstRole(); } public RoleName getSecondRoleName() { LinkedRole role = (LinkedRole)getTargetExpression(); return role.getSecondRoleName(); } protected void _process(NegotiationContext context) { TTG graph = context.getGraph(); if(monitorId == null) { try { Entity v = getVerifier(); EntityExpression s = getSubject(); monitorId = new LinkingGoal(v, getSecondRoleName(), s); } catch (Exception ex) { // add a warning message here--something has gone very wrong return; } } // 1. Add the (unique( linking-monitor edge, T <--< if(!children.containsKey(monitorId)) { graph.addLinkingMonitorEdge((TrustTarget)getGoal(), monitorId); } // // This happens when the LinkingGoalNode is processed. It doesn't // actually happen here. // // 2. After (1) is done, V can add a linking implication edge // T <--< for each linking-solution edge // <--< such that each // grandchild () is satisfied. // } /** * Process a node whose trust target verifier entity is not self * @see RMINegotiator */ public void opponentProcess(NegotiationContext context) { TTG graph = context.getGraph(); Entity v = getVerifier(); EntityExpression s = getSubject(); //Initialize the unique id for the linking monitor child linking goal if(monitorId == null) { try { monitorId = new LinkingGoal(v, getSecondRoleName(), s); } catch (Exception ex) { // add a warning message here--something has gone very wrong return; } } // 1. Add the (unique( linking-monitor edge, T <--< if(!children.containsKey(monitorId)) { graph.addLinkingMonitorEdge((TrustTarget)getGoal(), monitorId); } // // This happens when the LinkingGoalNode is processed. It doesn't // actually happen here. // // 2. After (1) is done, V can add a linking implication edge // T <--< for each linking-solution edge // <--< such that each // grandchild () is satisfied. // LinkingGoalNode childNode = (LinkingGoalNode)graph.getNodeByHash(monitorId); _process(context); // 3. Mark this node verifier processed only after both 1 & 2 // are done and has a complete completion state. if(childNode.getProcessingState().isOpponentProcessed() && childNode.isComplete()) { graph.setOpponentProcessed(getGoal()); } } /** * Process a node whose trust target verifier entity is self * @see RMINegotiator */ public void verifierProcess(NegotiationContext context) { FrontierManager fm = context.getFrontier(); TTG graph = context.getGraph(); RoleName r1 = getFirstRole().getName(); // // If r1 is issuer-traces-def // if(fm.isIssuerTracesDef(r1)) { if(monitorId == null) { try { Entity v = getVerifier(); EntityExpression s = getSubject(); monitorId = new LinkingGoal(v, getSecondRoleName(), s); } catch (Exception ex) { // add a warning message here // something has gone very wrong!! return; } } // 1. Add the (unique) linking-monitor edge, // T <--< if(!children.containsKey(monitorId)) { graph.addLinkingMonitorEdge((TrustTarget)getGoal(), monitorId); } // // This happens when the LinkingGoalNode is processed. It doesn't // actually happen here. // // 2. After (1) is done, V can add a linking implication edge // T <--< for each linking-solution edge // <--< such that each // grandchild () is satisfied. // // 3. Mark this node verifier processed only after both 1 & 2 // are done and has a complete completion state. LinkingGoalNode childNode = (LinkingGoalNode)graph.getNodeByHash(monitorId); if(childNode.getProcessingState().isVerifierProcessed() && childNode.isComplete()) { graph.setVerifierProcessed(getGoal()); } } // // If r1 is issuer-traces-all // if(fm.isIssuerTracesAll(r1)) { // 1. For each entity B such that A.r1 <<-?- B, and for each e // such that e is an element of oppoFrontier(B.r2), V can add a // standard implication edge T,--< Iterator i = fm.getOppoLocal(getFirstRole()).resultSet().iterator(); while(i.hasNext()) { EntityExpression expr=(EntityExpression)i.next(); //debug("linked", "issuer-traces-all matched " + cred); try { if(expr instanceof Entity) { Entity b = (Entity)expr; Role bDotR2 = new Role(b, getSecondRoleName()); Iterator oppoSet = fm.getOppoFrontier(bDotR2).resultSet().iterator(); while(oppoSet.hasNext()) { EntityExpression e = (EntityExpression)oppoSet.next(); TrustTarget child = new TrustTarget(getVerifier(), e, getSubject()); //get evidence here graph.addImplicationEdge(getGoal(), child, null); } } } catch (Exception ex) { ex.printStackTrace(); } } // 2. V can mark T as verifier-processed only after step 1 is done graph.setVerifierProcessed(getGoal()); } } /** * A comparator function to see if the specified role matches the second * role name. */ protected boolean isLinkingSolution(Role r) { RoleName r2 = getSecondRoleName(); return (r2.equals(r.getName())); } /** * When the linking child monitor becomes complete, this node needs to * change it's processing state. * @param state The new satisfaction state to be propagated. */ public void receive(LinkingGoal source, CompletionState state) { TTG graph = getContext().getGraph(); FrontierManager fm = getContext().getFrontier(); Entity me = fm.getSelf(); RoleName r1 = getFirstRole().getName(); boolean subjectTraceable = fm.isSubjectTraceable(r1); if(state.isComplete() && source.equals(monitorId)) { if(me.equals(getVerifier())) { if(!subjectTraceable) { //if r1 is not subject traceable graph.setVerifierProcessed(getGoal()); } } else { if(subjectTraceable) { //if r1 is subject traceable graph.setOpponentProcessed(getGoal()); } } } } }